Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Nation-State Hackers Breached FireEye, Stole Its Red Team Tools
Newest First  |  Oldest First  |  Threaded View
secdyne
50%
50%
secdyne,
User Rank: Apprentice
12/11/2020 | 3:49:04 PM
Re: Proof, yet again, that there is no such thing as computer security
Security is not a binary proposition...it's more analog. That said, any organization can be susceptible to a high capability threat actor. Despite this being the worst theft of cyberweapons (any tool can be weaponized) since the 2016 Shadowbrokers hitjob on the NSA, this incident will in my estimate force the evolution of countermeasures. 
tdsan
50%
50%
tdsan,
User Rank: Ninja
12/10/2020 | 3:15:44 PM
Re: Proof, yet again, that there is no such thing as computer security
Interesting, this is almost laughable. Accenture Government, Army, Airforce, Marriott, NSA and major government installations have allowed hacks to take place across the globe (Airforce - England, Accenture - China, Marriott - ???, NSA - Shadow Brokers and Ed. Snowden, FireEye - Russia, Army - ???, Personnel Division/State Dept - China Red Team, CapitalOne - Paige Thompson)

But one thing about a few of these attacks, specific attacks were identified as an inside attack. I do believe this was the same because they are a reputable securty company so this is surprising to hear.

Anyway, the investigation and unveiling the issue will soon begin.

FireEye
lancop
50%
50%
lancop,
User Rank: Moderator
12/9/2020 | 6:35:22 PM
Proof, yet again, that there is no such thing as computer security
After yaars of seeing companies with the best network security technologies in the world professionally deployed, operated and maintained, we witness, yet again, that there is no such thing as computer security. Only other targets being breached before they get around to you.

Especially troubling because we de-industrialized our economy in favor of the information economy, and now we know that IP can easily be stolen by foreign powers who want it badly enough. So, what really matters in the 21st century is who has the nimble industrial capability and financial capital to produce, market and improve whatever is successfully stolen from the company that did the hard work of inventing it.

The knowledge economy is no longer proprietary. Where does it leave us in the decades to come?


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41303
PUBLISHED: 2021-09-17
Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.
CVE-2021-30260
PUBLISHED: 2021-09-17
Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist configuration command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, ...
CVE-2021-30261
PUBLISHED: 2021-09-17
Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from HLOS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2021-3803
PUBLISHED: 2021-09-17
nth-check is vulnerable to Inefficient Regular Expression Complexity
CVE-2021-3804
PUBLISHED: 2021-09-17
taro is vulnerable to Inefficient Regular Expression Complexity